omniauth-auth0 2.0.0 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: f42f79c741d55e309c3e99686af45d7f08ca5c92
-  data.tar.gz: 8b58d4f79437cb2fc1b2ee5f618ee30cef82bcea
+SHA256:
+  metadata.gz: 7c56b51f9b1e20c19151c11b2ebed36d976795af342e1ddb6e2faf8adbd606dc
+  data.tar.gz: d464a395f1a95859ce5bcba3956955e489319f7efd5a263f7e1a904810ab58db
 SHA512:
-  metadata.gz: 67e3c0c3fc88653047b8740dab4b89b06986b0ad943c09f67bfbec6bd4abba10c47f39e3a7cf287251a7d001804f756e0f1be80cc78874f0df1d540250310541
-  data.tar.gz: c284dd831da04571f6dedb6c9b0ab333fd40e474ea30bb433a3c6d28ee15dcddd6385c6f8c4ff0175da3b58073500973261231500e069b88fb2574db48c3723e
+  metadata.gz: c24758a4b888a15d499d5a0ad612932f2e452a361fba86dc5af59c812be1c77e10a5735f267e0abfb45e382b381003592b74bbb3fdef8814e58345741a57a978
+  data.tar.gz: a8db445c711acd8b1716baef83f95fad39c7c011c7918a862aabb55b69cae02105df3beced2155298478dc580985a5791acbfa629459116244f924f85e470c57

data/.circleci/config.yml

@@ -0,0 +1,63 @@
+version: 2.1
+orbs:
+  ship: auth0/ship@0
+  codecov: codecov/codecov@3
+
+matrix_rubyversions: &matrix_rubyversions
+  matrix:
+    parameters:
+      rubyversion: ["2.7", "3.0", "3.1"]
+# Default version of ruby to use for lint and publishing
+default_rubyversion: &default_rubyversion "2.7"
+
+executors:
+  ruby:
+    parameters:
+      rubyversion:
+        type: string
+        default: *default_rubyversion
+    docker:
+      - image: cimg/ruby:<< parameters.rubyversion >>
+
+jobs:
+  run-tests:
+    parameters:
+      rubyversion:
+        type: string
+        default: *default_rubyversion
+    executor:
+      name: ruby
+      rubyversion: "<< parameters.rubyversion >>"
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - gems-v2-{{ checksum "Gemfile" }}
+            - gems-v2-
+      - run: |
+          echo 'export BUNDLER_VERSION=$(cat Gemfile.lock | tail -1 | tr -d " ")' >> $BASH_ENV
+          source $BASH_ENV
+          gem install bundler
+          bundle check || bundle install
+      - save_cache:
+          key: gems-v2--{{ checksum "Gemfile" }}
+          paths:
+            - vendor/bundle
+      - run: bundle exec rake spec
+      - codecov/upload
+
+workflows:
+  tests:
+    jobs:
+      - run-tests:
+          <<: *matrix_rubyversions
+      - ship/ruby-publish:
+          context:
+            - publish-rubygems
+            - publish-gh
+          filters:
+            branches:
+              only:
+                - master
+          requires:
+            - run-tests

data/.devcontainer/devcontainer.json

@@ -0,0 +1,18 @@
+{
+	"name": "Ruby",
+	"image": "mcr.microsoft.com/devcontainers/ruby:3.1",
+	"features": {
+		"ghcr.io/devcontainers/features/node:1": {
+			"version": "lts"
+		}
+	},
+	
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "ruby --version",
+
+	// Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "vscode"
+}

data/.github/CODEOWNERS

@@ -0,0 +1 @@
+*	@auth0/dx-sdks-engineer

data/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Auth0 Community
+    url: https://community.auth0.com/c/sdks/5
+    about: Discuss this SDK in the Auth0 Community forums
+  - name: Library Documentation
+    url: https://github.com/auth0/omniauth-auth0#documentation
+    about: Read the library docs on Auth0.com

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,39 @@
+---
+name: Feature request
+about: Suggest an idea or a feature for this project
+title: ''
+labels: feature request
+assignees: ''
+---
+
+<!--
+**Please do not report security vulnerabilities here**. The Responsible Disclosure Program (https://auth0.com/whitehat) details the procedure for disclosing security issues.
+
+Thank you in advance for helping us to improve this library! Your attention to detail here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community (https://community.auth0.com/) or Auth0 Support (https://support.auth0.com/). Finally, to avoid duplicates, please search existing Issues before submitting one here.
+
+By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct (https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+-->
+
+### Describe the problem you'd like to have solved
+
+<!--
+> A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+-->
+
+### Describe the ideal solution
+
+<!--
+> A clear and concise description of what you want to happen.
+-->
+
+## Alternatives and current work-arounds
+
+<!--
+> A clear and concise description of any alternatives you've considered or any work-arounds that are currently in place.
+-->
+
+### Additional information, if any
+
+<!--
+> Add any other context or screenshots about the feature request here.
+-->

data/.github/ISSUE_TEMPLATE/report_a_bug.md

@@ -0,0 +1,55 @@
+---
+name: Report a bug
+about: Have you found a bug or issue? Create a bug report for this SDK
+title: ''
+labels: bug report
+assignees: ''
+---
+
+<!--
+**Please do not report security vulnerabilities here**. The Responsible Disclosure Program (https://auth0.com/whitehat) details the procedure for disclosing security issues.
+
+Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community (https://community.auth0.com/) or Auth0 Support (https://support.auth0.com/). Finally, to avoid duplicates, please search existing Issues before submitting one here.
+
+By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct (https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+-->
+
+### Describe the problem
+
+<!--
+> Provide a clear and concise description of the issue
+-->
+
+### What was the expected behavior?
+
+<!--
+> Tell us about the behavior you expected to see
+-->
+
+### Reproduction
+<!--
+> Detail the steps taken to reproduce this error, and whether this issue can be reproduced consistently or if it is intermittent.
+> **Note**: If clear, reproducable steps or the smallest sample app demonstrating misbehavior cannot be provided, we may not be able to follow up on this bug report.
+
+> Where possible, please include:
+>
+> - The smallest possible sample app that reproduces the undesirable behavior
+> - Log files (redact/remove sensitive information)
+> - Application settings (redact/remove sensitive information)
+> - Screenshots
+-->
+
+- Step 1..
+- Step 2..
+- ...
+
+### Environment
+
+<!--
+> Please provide the following:
+-->
+
+- **Version of this library used:**
+- **Which framework are you using, if applicable:**
+- **Other modules/plugins/libraries that might be involved:**
+- **Any other relevant information you think would be useful:**

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,32 @@
+### Changes
+
+Please describe both what is changing and why this is important. Include:
+
+- Endpoints added, deleted, deprecated, or changed
+- Classes and methods added, deleted, deprecated, or changed
+- Screenshots of new or changed UI, if applicable
+- A summary of usage if this is a new feature or change to a public API (this should also be added to relevant documentation once released)
+
+### References
+
+Please include relevant links supporting this change such as a:
+
+- support ticket
+- community post
+- StackOverflow post
+- support forum thread
+- related GitHub issue in this or another repo
+
+### Testing
+
+Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.
+
+* [ ] This change adds unit test coverage
+* [ ] This change has been tested on the latest version of the platform/language or why not
+
+### Checklist
+
+* [ ] I have read the [Auth0 contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
+* [ ] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
+* [ ] All existing and new tests complete without errors
+* [ ] All code quality tools/guidelines in the [CONTRIBUTING documentation](https://github.com/auth0/omniauth-auth0/blob/master/CONTRIBUTING.md) have been run/followed

data/.github/stale.yml

@@ -0,0 +1,20 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 90
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+daysUntilClose: 7
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels: []
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: true
+
+# Label to use when marking as stale
+staleLabel: closed:stale
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️

data/.github/workflows/semgrep.yml

@@ -0,0 +1,24 @@
+name: Semgrep
+
+on:
+  pull_request: {}
+
+  push:
+    branches: ["master", "main"]
+
+  schedule:
+    - cron: '30 0 1,15 * *'
+
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - uses: actions/checkout@v3
+
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

data/.gitignore

@@ -1,9 +1,12 @@
 .ruby-version
 coverage
-Gemfile.lock
 *.gem
 
 .#*
 .env
 log/
-tmp/
+tmp/
+
+## Environment normalization:
+/.bundle
+/vendor/bundle

data/.semgrepignore

@@ -0,0 +1,4 @@
+examples/
+spec/
+CHANGELOG.md
+README.md

data/.shiprc

@@ -0,0 +1,7 @@
+{
+  "files": {
+    "lib/omniauth-auth0/version.rb": []
+  },
+  "prebump": "bundle install && bundle exec rake test",
+  "postbump": "bundle update"
+}

data/.snyk

@@ -0,0 +1,9 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-RUBY-OMNIAUTH-174820:
+    - '*':
+        reason: Not affected.
+        expires: 2020-01-01T00:00:00.000Z
+patch: {}

data/CHANGELOG.md

@@ -1,10 +1,189 @@
 # Change Log
 
+## [v3.1.0](https://github.com/auth0/omniauth-auth0/tree/v3.1.0) (2022-11-04)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v3.0.0...v3.1.0)
+
+**Added**
+
+- Add ui_locales to permitted params [\#135](https://github.com/auth0/omniauth-auth0/pull/135) ([martijn](https://github.com/martijn))
+
+**Changed**
+
+- Store plain Hash in session['authorize_params'] [\#150](https://github.com/auth0/omniauth-auth0/pull/150) ([santry](https://github.com/santry))
+- Redesign readme to match new style [\#148](https://github.com/auth0/omniauth-auth0/pull/148) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+**Fixed**
+
+- Fix authentication hash link in code sample [\#153](https://github.com/auth0/omniauth-auth0/pull/153) ([ewanharris](https://github.com/ewanharris))
+
+**Security**
+
+- [Snyk] Fix for 1 vulnerabilities [\#149](https://github.com/auth0/omniauth-auth0/pull/149) ([snyk-bot](https://github.com/snyk-bot))
+- Bump addressable from 2.7.0 to 2.8.0 [\#133](https://github.com/auth0/omniauth-auth0/pull/133) ([dependabot[bot]](https://github.com/apps/dependabot))
+- [Snyk] Security upgrade webmock from 3.12.2 to 3.12.2 [\#134](https://github.com/auth0/omniauth-auth0/pull/134) ([snyk-bot](https://github.com/snyk-bot))
+
+## [v3.0.0](https://github.com/auth0/omniauth-auth0/tree/v3.0.0) (2021-04-14)
+
+Version 3.0 introduces [Omniauth v2.0](https://github.com/omniauth/omniauth/releases/tag/v2.0.0) which addresses [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284). Omniauth now defaults to only allow `POST` as the allowed request_phase method. This was previously handled through the recommended [mitigation](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284) using the `omniauth-rails_csrf_protection v0.x.x` gem to provide CSRF protection.
+
+### Upgrading to omniauth-rails_csrf_protection v1.0.0
+
+If you are using `omniauth-rails_csrf_protection` to provide CSRF protection, you will need to be upgrade to `1.x.x`.
+
+### BREAKING CHANGES
+
+Now that OmniAuth now defaults to only `POST` as the allowed request_phase method, if you aren't already, you will need to convert any login links to use [form helpers](https://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_for) with the `POST` method.
+
+```html+ruby
+# OLD -- GET request
+<a href='/auth/auth0'>Login</a>
+
+# NEW Example #1 -- POST request
+<%= link_to 'Login', 'auth/auth0', method: :post %>
+
+# NEW Example #2 -- POST request
+<%= button_to 'Login', 'auth/auth0', method: :post %>
+
+# NEW Example #3 -- POST request
+<%= form_tag('/auth/auth0', method: :post) do %>
+  <button type='submit'></button>
+<% end %>
+```
+
+### Allowing GET Requests
+
+In the scenario you absolutely must use GET requests as an allowed request method for authentication, you can override the protection provided with the following config override:
+
+```ruby
+# Allowing GET requests will expose you to CVE-2015-9284
+OmniAuth.config.allowed_request_methods = [:get, :post]
+```
+
+## [v2.6.0](https://github.com/auth0/omniauth-auth0/tree/v2.6.0) (2021-04-01)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.5.0...v2.6.0)
+
+**Added**
+
+- Org Support [SDK-2395] [\#124](https://github.com/auth0/omniauth-auth0/pull/124) ([davidpatrick](https://github.com/davidpatrick))
+- Add login_hint to permitted params [\#123](https://github.com/auth0/omniauth-auth0/pull/123) ([Roriz](https://github.com/Roriz))
+
+## [v2.5.0](https://github.com/auth0/omniauth-auth0/tree/v2.5.0) (2021-01-21)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.2...v2.5.0)
+
+**Added**
+
+- Parsing claims from the id_token [\#120](https://github.com/auth0/omniauth-auth0/pull/120) ([davidpatrick](https://github.com/davidpatrick))
+
+**Changed**
+
+- Setup build matrix in CI [\#116](https://github.com/auth0/omniauth-auth0/pull/116) ([dmathieu](https://github.com/dmathieu))
+
+**Fixed**
+
+- Fixes params passed to authorize [\#119](https://github.com/auth0/omniauth-auth0/pull/119) ([davidpatrick](https://github.com/davidpatrick))
+
+## [v2.4.2](https://github.com/auth0/omniauth-auth0/tree/v2.4.2) (2021-01-19)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.1...v2.4.2)
+
+**Fixed**
+
+- Lock Omniauth to 1.9 in gemspec
+
+## [v2.4.1](https://github.com/auth0/omniauth-auth0/tree/v2.4.1) (2020-10-08)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.0...v2.4.1)
+
+**Fixed**
+
+- Verify the JWT Signature [\#109](https://github.com/auth0/omniauth-auth0/pull/109) ([jimmyjames](https://github.com/jimmyjames))
+
+## [v2.4.0](https://github.com/auth0/omniauth-auth0/tree/v2.4.0) (2020-09-22)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.1...v2.4.0)
+
+**Security**
+
+- Bump rack from 2.2.2 to 2.2.3 [\#107](https://github.com/auth0/omniauth-auth0/pull/107) ([dependabot](https://github.com/dependabot))
+- Update dependencies [\#100](https://github.com/auth0/omniauth-auth0/pull/100) ([Albalmaceda](https://github.com/Albalmaceda))
+
+**Added**
+
+- Add support for screen_hint=signup param [\#103](https://github.com/auth0/omniauth-auth0/pull/103) ([bbean86](https://github.com/bbean86))
+- Add support for `connection_scope` in params [\#99](https://github.com/auth0/omniauth-auth0/pull/99) ([felixclack](https://github.com/felixclack))
+
+## [v2.3.1](https://github.com/auth0/omniauth-auth0/tree/v2.3.1) (2020-03-27)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.0...v2.3.1)
+
+**Fixed bugs:**
+
+- Fixes dependency issue [\#97](https://github.com/auth0/omniauth-auth0/pull/97) ([davidpatrick](https://github.com/davidpatrick))
+- Fix "NameError: uninitialized constant OmniAuth::Auth0::TokenValidationError" [\#96](https://github.com/auth0/omniauth-auth0/pull/96) ([stefanwork](https://github.com/stefanwork))
+
+## [v2.3.0](https://github.com/auth0/omniauth-auth0/tree/v2.3.0) (2020-03-06)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.2.0...v2.3.0)
+
+**Added**
+
+- Improved OIDC Compliance [\#92](https://github.com/auth0/omniauth-auth0/pull/92) ([davidpatrick](https://github.com/davidpatrick))
+
+## [v2.2.0](https://github.com/auth0/omniauth-auth0/tree/v2.2.0) (2018-04-18)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.1.0...v2.2.0)
+
+**Closed issues**
+
+- It supports custom domain? [\#71](https://github.com/auth0/omniauth-auth0/issues/71)
+- Valid Login, No Details: email=nil image=nil name="github|38257089" nickname=nil [\#70](https://github.com/auth0/omniauth-auth0/issues/70)
+
+**Added**
+
+- Custom issuer [\#77](https://github.com/auth0/omniauth-auth0/pull/77) ([ryan-rosenfeld](https://github.com/ryan-rosenfeld))
+- Add telemetry to token endpoint [\#74](https://github.com/auth0/omniauth-auth0/pull/74) ([joshcanhelp](https://github.com/joshcanhelp))
+
+**Changed**
+
+- Remove telemetry from authorize URL [\#75](https://github.com/auth0/omniauth-auth0/pull/75) ([joshcanhelp](https://github.com/joshcanhelp))
+
+## [v2.1.0](https://github.com/auth0/omniauth-auth0/tree/v2.1.0) (2018-10-30)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.0.0...v2.1.0)
+
+**Closed issues**
+
+- URL should be spelled uppercase outside of code [\#64](https://github.com/auth0/omniauth-auth0/issues/64)
+- Add prompt=none authorization param handler [\#58](https://github.com/auth0/omniauth-auth0/issues/58)
+- Could not find a valid mapping for path "/auth/oauth2/callback" [\#56](https://github.com/auth0/omniauth-auth0/issues/56)
+- I had to downgrade my gems to use this strategy :-( [\#53](https://github.com/auth0/omniauth-auth0/issues/53)
+- CSRF detected [\#49](https://github.com/auth0/omniauth-auth0/issues/49)
+- /auth/:provider route not registered? [\#47](https://github.com/auth0/omniauth-auth0/issues/47)
+
+**Added**
+
+- Add ID token validation [\#62](https://github.com/auth0/omniauth-auth0/pull/62) ([joshcanhelp](https://github.com/joshcanhelp))
+- Silent authentication [\#59](https://github.com/auth0/omniauth-auth0/pull/59) ([batalla3692](https://github.com/batalla3692))
+- Pass connection parameter to auth0 [\#54](https://github.com/auth0/omniauth-auth0/pull/54) ([tomgi](https://github.com/tomgi))
+
+**Changed**
+
+- Update to omniauth-oauth2 [\#55](https://github.com/auth0/omniauth-auth0/pull/55) ([chills42](https://github.com/chills42))
+
+**Fixed**
+
+- Fix Rubocop errors [\#66](https://github.com/auth0/omniauth-auth0/pull/66) ([joshcanhelp](https://github.com/joshcanhelp))
+- Fix minute bug in README.md [\#63](https://github.com/auth0/omniauth-auth0/pull/63) ([rahuldess](https://github.com/rahuldess))
+
 ## [v2.0.0](https://github.com/auth0/omniauth-auth0/tree/v2.0.0) (2017-01-25)
+
 [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v1.4.1...v2.0.0)
 
 Updated library to handle OIDC conformant clients and OAuth2 features in Auth0.
-This affects how the `credentials` and `info` attributes are populated since the payload of /oauth/token and /userinfo are differnt when using OAuth2/OIDC features.
+This affects how the `credentials` and `info` attributes are populated since the payload of /oauth/token and /userinfo are different when using OAuth2/OIDC features.
 
 The `credentials` hash will always have an `access_token` and might have a `refresh_token` (if it's allowed in your API settings in Auth0 dashboard and requested using `offline_access` scope) and an `id_token` (scope `openid` is needed for Auth0 to return it).
 
@@ -17,7 +196,37 @@ The `info` object will use the [OmniAuth schema](https://github.com/omniauth/omn
 
 Also in `extra` will have in `raw_info` the full /userinfo response.
 
+**Fixed**
+
+- Use image attribute of omniauth instead of picture [\#45](https://github.com/auth0/omniauth-auth0/pull/45) ([hzalaz](https://github.com/hzalaz))
+- Rework strategy to handle OAuth and OIDC [\#44](https://github.com/auth0/omniauth-auth0/pull/44) ([hzalaz](https://github.com/hzalaz))
+- lock v10 update, dependencies update [\#41](https://github.com/auth0/omniauth-auth0/pull/41) ([Amialc](https://github.com/Amialc))
+
+## [v1.4.2](https://github.com/auth0/omniauth-auth0/tree/v1.4.2) (2016-06-13)
+
+[Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v1.4.1...v1.4.2)
+
+**Added**
+
+- Link to OmniAuth site [\#36](https://github.com/auth0/omniauth-auth0/pull/36) ([jghaines](https://github.com/jghaines))
+- add ssl fix to RoR example [\#31](https://github.com/auth0/omniauth-auth0/pull/31) ([Amialc](https://github.com/Amialc))
+- Update LICENSE [\#17](https://github.com/auth0/omniauth-auth0/pull/17) ([aguerere](https://github.com/aguerere))
+
+**Changed**
+
+- Update lock to version 9 [\#34](https://github.com/auth0/omniauth-auth0/pull/34) ([Annyv2](https://github.com/Annyv2))
+- Update Gemfile [\#22](https://github.com/auth0/omniauth-auth0/pull/22) ([Annyv2](https://github.com/Annyv2))
+- Update lock [\#15](https://github.com/auth0/omniauth-auth0/pull/15) ([Annyv2](https://github.com/Annyv2))
+
+**Fixed**
+
+- Fix setup [\#38](https://github.com/auth0/omniauth-auth0/pull/38) ([deepak](https://github.com/deepak))
+- Added missing instruction [\#30](https://github.com/auth0/omniauth-auth0/pull/30) ([Annyv2](https://github.com/Annyv2))
+- Fixes undefined Auth0Lock issue [\#28](https://github.com/auth0/omniauth-auth0/pull/28) ([Annyv2](https://github.com/Annyv2))
+- Update Readme [\#27](https://github.com/auth0/omniauth-auth0/pull/27) ([Annyv2](https://github.com/Annyv2))
+
 ## [v1.4.1](https://github.com/auth0/omniauth-auth0/tree/v1.4.1) (2015-11-18)
+
 [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v1.4.0...v1.4.1)
 
 **Merged pull requests:**
@@ -28,6 +237,7 @@ Also in `extra` will have in `raw_info` the full /userinfo response.
 - Add nested module in version.rb [\#9](https://github.com/auth0/omniauth-auth0/pull/9) ([l4u](https://github.com/l4u))
 
 ## [v1.4.0](https://github.com/auth0/omniauth-auth0/tree/v1.4.0) (2015-06-01)
+
 **Merged pull requests:**
 
 - Client headers [\#8](https://github.com/auth0/omniauth-auth0/pull/8) ([benschwarz](https://github.com/benschwarz))
@@ -36,6 +246,4 @@ Also in `extra` will have in `raw_info` the full /userinfo response.
 - Update README.md [\#3](https://github.com/auth0/omniauth-auth0/pull/3) ([pose](https://github.com/pose))
 - Fix Markdown typo [\#2](https://github.com/auth0/omniauth-auth0/pull/2) ([dentarg](https://github.com/dentarg))
 
-
-
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* _This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)_

data/CONTRIBUTING.md

@@ -0,0 +1,71 @@
+# Contribution
+
+**Thank you in advance for your contribution!**
+
+Please read [Auth0's contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md) before beginning work on your contribution here. 
+
+## Environment setup
+
+The best way we've found to develop gems locally is by using a local setting for your Bundler config. First, checkout the project locally:
+
+```bash
+$ pwd
+/PROJECT_ROOT/
+$ mkdir vendor # if one does not exist
+$ echo "/vendor/" >> .gitignore
+$ git clone git@github.com:auth0/omniauth-auth0.git vendor/omniauth-auth0
+Cloning into 'vendor/omniauth-auth0'...
+```
+
+Now, run the following command in your project root directory:
+
+```bash
+$ bundle config --local local.omniauth-auth0 /PROJECT_ROOT/vendor/omniauth-auth0
+You are replacing the current local value of local.omniauth-auth0, which is currently nil
+$ bundle config
+Settings are listed in order of priority. The top value will be used.
+local.omniauth-auth0
+Set for your local app (/PROJECT_ROOT/.bundle/config): "/PROJECT_ROOT/vendor/omniauth-auth0"
+```
+
+Finally, add or change the gem include to add a `github:` param:
+
+```ruby
+source 'https://rubygems.org'
+# ...
+# OmniAuth strategy for authenticating with Auth0
+gem 'omniauth-auth0', github: 'auth0/omniauth-auth0'
+#..
+```
+
+Now you should be able to make changes locally and have them reflected in your test app. Keep in mind you'll need to restart your app between changes.
+
+[Great explanation for why this setup works well](https://rossta.net/blog/how-to-specify-local-ruby-gems-in-your-gemfile.html). 
+
+## Testing
+
+Tests should be added for additional or modified functionality and all tests should run successfully before submitting a PR. 
+
+### Adding tests
+
+All new tests should be added to the `/spec/omniauth` directory. Testing resources, like JSON fixtures, should be added to the `/spec/resources` directory.
+
+### Running tests
+
+Running tests is as simple as:
+
+```bash
+$ bundle exec rake spec
+```
+
+## Documentation
+
+Documentation for this gem is primarily done at the code level. All new methods should include a docblock at least. 
+
+## Code quality tools
+
+Code quality is enforced across the entire gem with Rubocop:
+
+```bash
+$ bundle exec rake rubocop
+```